I just read a post about trusted cert that doesn't give a warning to everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache server and I can access the site via https address, and, since I also want to use the https to webcit, then what do I do to make sure the https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so that when domain is accessed as secure site, it is automatically served by the webcit, and not apache. In that case, how do I configure the letsencrypt certificates that work for that domain to work with webcit instead?

I myself use nginx and have a special subdomain for webcit to be citadel.domain and then I simply reverse proxy that subdomain to local webcit.

You can run that webcit on plain http, doesn't matter cause it's local. I have it running with ssl on port 2443... but you can use any other port and don't need ssl...

I don't use letsencrypt's auto configuration option, just use the certonly option. It places all certs in standard location, the main domain will be the first domain specified in the cli and certs will be placed in /etc/letsencrypt/live/domain/

Then just create link in your server's config to /etc/letsencrypt/live/domain/ and use that.

So just do

$ letsencrypt certonly -d mydomain,citadel.mydomain

or something like that and configure your server to reverse proxy it to webcit when $host is ^citadel.*

On 12/13/2015 10:32 PM, platonov wrote:

> I just read a post about trusted cert that doesn't give a warning to everyone that visits the page using https://letsencrypt.org/ here.
>
> The question I have is after I configured the letsencrypt for Apache server and I can access the site via https address, and, since I also want to use the https to webcit, then what do I do to make sure the https access to that domain is served by the webcit and not by Apache?
>
> One alternative seems to be to change the webcit port for https access to something other than 443.
>
> How do I do that?
>
> Another one is to disable the Apache serving the https requests, so that when domain is accessed as secure site, it is automatically served by the webcit, and not apache. In that case, how do I configure the letsencrypt certificates that work for that domain to work with webcit instead?
>
> Thanx in advance.

Thanx a lot for quick followup. Just one question: Since I am not exactly a sysadmin type of a guy, what exactly do I need to do on Ubuntu 14.10 server to reverse proxy citadel subdomain? It looks like some Apache configuration to me. Is it done in /etc/apache2/sites-enabled/domain_name? If so, do I need to add a rule for port 443 to it? And, what would I specify for the ProxyPass and ProxyPassReverse, I guess, to make sure it passes it to webcit instead?


As you may have heard, Let's Encrypt (letsencrypt.org) is a non-profit, free Certificate Authority supported by the EFF and a host of players. They just entered public beta with their client, which means you can download it and install a real and free certificate on your citadel server (or whatever you like). This is not an advertisement. It's a big initiative to get everyone to encrypt their traffic. I just did two of my citadel installs and thought it was pretty easy, so thought I'd share.

How to: Let's Encrypt Free SSL Cert Citadel 9.01 Debian 8.2 Jessie 64

[This tutorial is Debian specific, but should be close for any distro. Just make sure you have git installed]

Run these commands as any user which is in /etc/sudoers - you'll be prompted for sudo password when necessary.

Enter your account email, accept the TOS. You can add multiple domains if you leave off the -d arg (or use multiple -d args). DNS must be already configured or this will fail with 'client unauthorized'.

All is good, except I had to add an nginx block for the static/ dir for the images and some of the chat js to work.

That also works, however I now have a web client app which also uses a dir called 'static', so proxying that folder isn't a good option anymore. It breaks the app.

It seems there are three options.

1) Move, copy or link some files.

2) Change the name of the webcit 'static' folder

3) Change the name of the mailclient 'static' folder.

I'm leaning toward 1), but just thought I'd ask you smart guys what you think. A handful of symbolic links would probably cover it. It seems like the least janky approach.

2) /static/ is hardcoded into all the styles. I don't have the source at the moment. If it needs to be changed there and recompiled, that's out since I just don't want to take it that far. Lots of stuff to administer, my life consists of defaults.

3) Other webclient has metric ton of minimized javascript I don't want to touch either.

I guess I could just live with it the way it is.. this could just be considered an nginx specific question, but I'm not aware of any way to 'blend' two folders via an alias. There may even be some name collision with files.

You don't need to run webcit ssl if you already have a web server with a valid cert running on 443. That's kind of the whole point behind proxying the requests. Just run it on port 2000 (or whatever, I personally use 127.0.0.1:12 - yes, that's port 12)

So just add the proxy config as shown on the wiki, and run webcit locally. The SSL cert for your web server will take care of it. If you try to use the stock script in /etc/init.d/webcit, you're going to get an error because it is going to try and grab port 443 and you already have apache/nginx on that port.

My webcit-local.sh script is attached. It should get you in the ballpark. Just copy it to /etc/init.d/webcit-local (or wherever your init scripts are) and chmod u+x as root.

I use the low port # and only bind to localhost so webcit is not exposed publicly without ssl. It also saves the overhead not having webcit ssl running.
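
An Apache virtual host matching the setup described in this reply, as an added example that is not part of the original post or the Citadel wiki. It assumes the placeholder names citadel.mydomain and mydomain from the letsencrypt command earlier in the thread, webcit listening on plain HTTP at 127.0.0.1:2000, and the ssl, proxy and proxy_http modules enabled:

```apache
# Added example, e.g. saved as a site file under /etc/apache2/sites-available/
# Assumptions (not from the original posts):
#   - citadel.mydomain is the subdomain dedicated to webcit
#   - mydomain was the first -d name, so the certificate files live in
#     /etc/letsencrypt/live/mydomain/
#   - webcit listens on plain HTTP, bound to 127.0.0.1 port 2000 only
# Modules: a2enmod ssl proxy proxy_http

<VirtualHost *:443>
    ServerName citadel.mydomain

    # TLS terminates here; webcit itself does not need SSL.
    SSLEngine on
    # fullchain.pem holds the certificate plus intermediates
    # (accepted in SSLCertificateFile from Apache 2.4.8 onward).
    SSLCertificateFile    /etc/letsencrypt/live/mydomain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header through to webcit.
    ProxyPreserveHost On

    # Everything under this subdomain goes to the local webcit.
    ProxyPass        / http://127.0.0.1:2000/
    ProxyPassReverse / http://127.0.0.1:2000/
</VirtualHost>
```

Because the backend address is 127.0.0.1, the unencrypted webcit port is reachable only from the server itself, and requests for other hostnames on port 443 continue to be handled by their own virtual hosts.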


I am excited about the Let's Encrypt project, not only because the certificates
are free/open, but also because they've automated the enrollment procedure
in a way that's programmable. I could easily see Citadel speaking their enrollment
protocol in the future, and being able to get a signed certificate without
ever having to visit the CA directly.

i have been using citadel on fedora 20 for over a year - mostly without problem. yesterday i realised i needed to delete a large amount of emails from the aide room that had been outputted from crond.

thunderbird had a lot of trouble doing this and it crashed numerous times.

today i found that citadel had crashed and the hard drive on my server was full. i cleared some space on the server and also found that half the hard drive space is used by the folder /var/lib/citadel/data/

though when i view the properties of that folder i am only seeing about 25% of the storage space being used that the disk analyser app 'baobab' is listing as being used there.

after restarting webcit and citadel i found that webcit would fail and complain that it can't bind to port 2000 - even though there is no other service using that port.

after rebooting the server, the situation remains the same.. every time i restart webcit or stop/start it - it complains about port 2000 again.

the various commands i have run to view the activity of port 2000 always show that nothing is using the port..